What about Poodle - SSL V3? Will be fixed in next update?


21618473

Recommended Posts

Reading up on this, it probably one of the least problem causing exploits of late. There has are a lot of pre-requisites for this to happen:

Server must support SSL3 (many don't now, or have since been disabled);

Browser using SSL3 (irrelevant due to #1, and easily disabled in most clients);

Hacker needs to be on the same network;

More than likely in close proximity.

Security researchers say that the Poodle bug is more innocuous than Heartbleed or Shellshock. For one, they note that SSL 3.0 has been largely superseded by a newer encryption protocol called Transport Layer Security, or TLS. Also, to pull off an a Poodle attack, security researchers say that the victim has to be actively online and physically close to the attacker — say, using the same public Wi-Fi.

Also I think that if you're on a hardwired connection your chances of falling victim to the bug is almost 0, unless of course someone has hacked your network. The issue is connecting to random WIFI hotspots that may not be secure. Also as stated you need to be close to the hacker. I could be wrong about it, and i'm not saying there's nothing to worry about, just that in the big picture the odds of being hit by this bug is very, very small.

So unless you're in one of those situations it's not that much to worry about till the hole gets plugged. Of which I'd be surprised if Maxthon don't fix this in the next release.

Link to comment
Share on other sites

Hi guys,

Thank you for providing more details and links on this problem.

We haven't provided an option to disable SSL3 because it is too risky. Disabling SSL3 might cause inaccessibility problem to some websites.

We are still looking looking into this issue....

Thanks for your patience.

Link to comment
Share on other sites

BugSir007 replied at 2014-11-4 18:34 back.gif

Hi guys,

Thank you for providing more details and links on this problem.

We haven't provided an opti ...

That's a very interesting stance on the situation, since AFAIK every other major browser has an option to disable SSL3. Also most of the information that's discussing this bug states that is the simplest way for a user to ensure that they won't be affected by it.

I think it's another great reason to request an advanced config option within Maxthon.

Link to comment
Share on other sites